Cross-site scripting

Cross-site scripting (XSS) is a code injection attack executed on the client-side of a web application. The client-side of a web application is usually the software that is used to interact with the web application and in most cases, it is the browser that is used to interact with the web application. In a cross-site scripting attack, we inject malicious code onto the web browser to make the web application do something that it is ideally not supposed to do. The malicious script is executed when the victim visits the web page or web server. It is used to steal cookies, session tokens or other sensitive information like user credentials. It can also be used to modify the contents of the website.

How cross-site scripting works:

It is a web application hacking technique: You need a website, a web server & a victim.

A hacker can inject malicious code onto the website or web application which will be triggered only when the user accesses the website or the data from the server via that web application.

The hacker can steal data from either the user who is accessing the website or the server which has stored data from thousands of users.

Types of cross-site scripting:

Reflected XSS

Script is executed on the victim side
Script is not stored on the server
Script is executed mainly on the web browser

DOM XSS – It makes use of a document object model to inject the malicious script.

Client-side attack. Script is not sent to the server
Legitimate server script is executed by malicious script

Stored XSS

Script is stored and executed on the server
Executed every time the malicious site is requested

How to prevent cross-site scripting:

1. User input escaping – Revoke the feature to enter any special characters.

2. Consider all input as a threat – As the User has complete control over input

3. Data Validation – Set a pre-set data input format to be identified

4. Sanitize Data – Eliminate all possible vulnerable input tags by removing them before the data is interpreted by the web application

5. Encode Output – URL encode the outputs to not reveal the vulnerability or sensitive data even if the malicious input by the user is accessing it.

6. Use right response headers – Right response headers can control what data can be received and sent to the user.